Password Best Practices and Standards

Why am I required to change my password?

Your University Computing Account gives you access to many computing services at Pitt, including email, the Learning Management System (Canvas), and My Pitt. These systems may contain personal and sensitive information about you. Increasingly, malicious software and other methods such as "phishing" are being used to try to obtain your password. If someone acquires your password, they will gain unauthorized access to your computing account and University resources. Periodic password changes will help to safeguard your account.

How does the password change wizard work?

When you click the link in the yellow notification box, you will be asked to complete the following steps:

1. Review your Emergency Notification Service (ENS) contact details and modify them if necessary.
2. Review and, if necessary, modify your emergency contact information (students only).
3. Review the three security questions you can use to reset your password online if you forget it. If you have never set your security questions, you will be required to do so before proceeding.
4. Change your password.

Do I have to wait for the notification message to display before I can change my password?

No. You can change your password at any time. Log in to the Accounts Self-Service page to manage your password and security questions.

Keep in mind that if you change your password today, you can avoid seeing the notification message for another 180 days.

How do I pick a strong password?

The following requirements have been put in place to help you choose strong password:

• Your new password must be eight to 14 characters long
• Your new password must consist of some combination of letters and numbers and must also contain at least one special character (for example, +, @, #, or $)
• The following special characters can NOT be used: _ ` < > & ! . ,
• You cannot use your name, username, or any portion of these as your password
• You cannot reuse the same password within a year, and you cannot reuse any of your previous six passwords

In addition, keep in mind that passwords that contain only letters and dictionary words are easier for someone to guess or for computer programs to decipher.

Tips for creating a strong password (video) >

How can I keep track of my different passwords?

Try a password manager like Pitt Password Manager (LastPass). Pitt Password Manager makes it easy to generate strong, unique passwords for every service you use, helping to protect your Pitt-related services, as well as your personal services.

It's important to use different passwords for your digital accounts. Your University Computing Account password, online banking passwords, and social media passwords should all be different. With so many passwords, it can be easy to forget them or mix them up along the way. Pitt Password Manager simplifies your online life by saving your passwords in a secure vault that you can access from any device, using a single, strong master password. You no longer have to remember unique passwords for every site you visit. Pitt Password Manager remembers them for you. 

Business accounts are recommended for storing and sharing your University-related passwords and information. Premium accounts are recommended for storing your personal passwords and information. You can link your Premium account to your Business account so that you can easily manage all of your passwords from one convenient interface.

What happens if I do not change my password before it expires?

If you do not change your password before that password expires, when you log in to My Pitt you will only see the password change wizard. As soon as you change your password, you will be able to use My Pitt normally again.

I'm having difficulty connecting to my email and to the network from my mobile phone after changing my password. What should I do?

It is possible that your phone has stored your previous password locally. You will need to update the old password that is stored on your phone so that it matches your new University Computing Account password.

I'm having difficulty connecting to PittNet Wi-Fi after changing my password. What should I do?

If you have difficulty connecting to PittNet Wi-Fi after changing your password, please follow the standard connection instructions. If you still cannot connect to PittNet Wi-Fi, contact the Technology Help Desk at 412-624-HELP (4357).

Will people with sponsored accounts be required to change their password every 180 days?

Yes. Anyone with a sponsored account will also be required to change his or her password at My Pitt every 180 days. Those with sponsored accounts will not be prompted to enter ENS information during the password change wizard.

It is strongly suggested that you change your password as soon as you receive your University Computing Account. You can do this at the Accounts Self-Service page.

Your new password:

• Should consist of some combination of letters and numbers, and must include at least one special character (for example, +, @, #, or $)
• Should not use your name, your username, or a portion of these
• You cannot reuse the same password within a year, and you cannot reuse any of your previous six passwords

If you haven't already done so, be sure to select the three security questions and answers. They will be used to confirm your identity in the event you forget your password.

1. Log in to the Accounts Self-Service page.
2. Change your password under the "Login & Security" tab.
3. Update your security questions under the same "Login & Security" tab (under the "Update Security Questions" secondary tab).

Once you have set your security questions, you do not need to change them the next time that you change your password.

Note: To enhance security and protect data, students will be required to change their University Computing Account password twice per year at the Accounts Self-Service page. A prompt will appear on My Pitt when it is time for you to change your password.

If you have difficulty connecting to PittNet Wi-Fi after changing your password, please follow the standard connection instructions. 

Students, faculty, and staff who forget their University Computing Account password can use the Self-Service Password Reset Service to reset their password online quickly and securely. You must select and answer three online security questions before you can use the Self-Service Password Reset Service. If you forget your password, you will be prompted to answer these security questions in order to verify your identity. If you forget your password and have not set your security questions, you will need to visit a Student Computing Lab to have your password reset.

There are several ways you can reset your password if you forget it

A. Reset Your Password–You Have Your Security Questions

Note: If you haven't already set your password security questions, you will need to use one of the methods below.

1. Click the Forgot password? link on the login page of My Pitt.

   

2. Enter your University Computing Account username and date of birth. Click Next.
3. Answer your three security questions and click Next.
4. Enter and confirm your new password, then click Submit.

Your password has been successfully reset.

B. Reset Your Password–You Do Not Have Your Security Questions

1. Contact the Technology Help Desk by submitting an online request or calling 412-624-HELP (4357). The Technology Help Desk will ask specific questions to confirm your identity and will give you a new password over the phone only if you can answer these questions.
   or
2. Pittsburgh campus only: Stop at a Student Computing Lab with a government-issued ID, such as a driver's license or passport. The lab monitor will verify your identity and call the Technology Help Desk at 412-624-HELP (4357), which will give you a new password over the phone.

• If you call the Technology Help Desk, then your password will only be given to you by phone. It will not be sent by any electronic means (for example, email, instant message, or text message).
• After your password has been reset, you should immediately change it. Access the "Login & Security" section of the Accounts Self-Service page using your University Computing Account username and the password.
• Once logged in, follow the instructions on the page to manage your password and security questions. You will be prompted to select and answer three password security questions that will enable you to reset your password online.

If you have a sponsored account, you must ask your Responsibility Center Account Administrator or the account sponsor to contact the Technology Help Desk on your behalf. The Technology Help Desk will ask specific questions to verify the identity of the Responsibility Center Account Administrator or account sponsor. Then they will provide a new password to them over the phone. The Responsibility Center Account Administrator or account sponsor will then distribute the new password to you.